A recent report released by the US Department of Defense (DoD) suggests that China’s cyberattacks on critical infrastructure may be part of a larger strategy to gain an advantage in the event of a future war. The DoD’s 2023 Cyber Strategy highlights a rise in state-sponsored cybercrime from the People’s Republic of China (PRC), particularly against sensitive targets that could impact military response capabilities. According to the report, these attacks are aimed at countering US conventional military power and degrading the combat capability of the Joint Force.
The DoD report accuses the PRC of posing a significant and pervasive cyberespionage threat. It claims that China engages in surveillance of individuals outside its borders, steals technology secrets, and undermines the capabilities of the military-industrial complex. The agency warns that these activities go beyond ordinary intelligence-gathering and are instead part of China’s preparations for future conflicts.
In the event of a conflict, the report suggests that China intends to launch destructive cyberattacks against the US homeland. These attacks would aim to hinder military mobilization, create chaos, divert attention and resources, and disrupt key networks that enable Joint Force power projection in combat.
The notion that cyber activity could precede military action aligns with assessments made by Microsoft and other cybersecurity experts earlier this year. The attacks by Volt Typhoon, a Beijing-supported advanced persistent threat (APT), garnered national attention in the US. They compromised telecom networks, power and water controls, US military bases, and other critical infrastructure that could hamper real-world military operations.
While these compromises have not yet impacted the operational technology (OT) used by the victims, concerns have been raised about China’s potential to conduct disruptive attacks on American pipelines, railroads, and other critical infrastructure if the US were to get involved in a potential invasion of Taiwan.
The malicious actors behind the Volt Typhoon attacks have demonstrated a sophisticated approach, moving laterally through environments and meticulously covering their tracks. This makes it difficult for security teams to determine the level of infiltration. Additionally, the attacks may have unintended consequences, impacting not only the intended targets but also bystander businesses that rely on IoT/OT systems. As nation-state threats leak over to non-nation-state actors, organizations in critical infrastructure sectors become direct targets.
To address these challenges, the DoD’s report outlines a “whole-of-government” effort to increase resilience and make it harder for adversaries to disrupt essential services. The department aims to leverage all available resources and partnerships to improve the cybersecurity of US critical infrastructure systems. The report also includes specific actions to enhance hardening and readiness.
The DoD highlights the importance of public-private partnerships in defending against cyber threats in the critical infrastructure space. Collaborations between government agencies and private sector entities play a crucial role in increasing cybersecurity resilience. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) offers free network security and vulnerability scanning to water utilities as a proactive measure to identify and protect against potential cyberattacks.
According to experts, the volume, velocity, and persistence of cyber threats have evolved over the years due to advancements in computational capabilities and increased sophistication by nation-state threat actors. From historical cyber incidents like Stuxnet to recent conflicts between Ukraine and Russia, vulnerable IoT/OT systems remain targets for adversaries seeking battlefield advantages. With this in mind, continuous improvement of cyber defenses and disruption of adversaries’ efforts become critical priorities.
As the threat landscape continues to evolve, governments and organizations must remain vigilant, strengthen partnerships, and enhance cybersecurity measures to protect critical infrastructure. By acknowledging the link between cyber activity and potential military actions, the DoD’s Cyber Strategy aims to ultimately safeguard national security and ensure the resilience of US critical infrastructure systems.
